CoinGate Privacy Policy

Version applicable as of February 7th 2022

  1. Why should I read this Privacy Policy?

    This Privacy Policy (‘policy’) describes how CoinGate (CoinGate is owned and operated by UAB “Decentralized”) (hereinafter referred to as the “Company”, “we”, “us”, “our”) collects, uses, discloses, and stores your personal information and what statutory rights do you have. We protect your personal information under the applicable data protection laws. We may amend this policy unilaterally from time to time. Any such amendments will be effective immediately upon publication, therefore please visit our website regularly for the latest version of this policy.

  2. Who is responsible for protecting my information?

    We are: CoinGate (owned and operated by UAB “Decentralized”)
    Our company number is: 303423510
    Our address: A. Goštauto g. 8-331, LT-01108 Vilnius
    Our e-mail address: info@coingate.com

  3. Why and how do you use my information?

    3.1 To provide you with virtual currency purchasing, payment processing collection and related services

    When is this relevant for me?What information do you collect about me?What is your legal basis to collect my information?Where do you collect the information from?Am I obliged to provide this information? How long do you store information about me?
    When you are our client, manager, or representative of a legal entity or shopperE-mail address, password, country, IP address, name and surname, gender, place of birth, address, telephone number, cryptocurrency address, bank account number, account number of money withdrawal platform, PayPal address, transaction amount, transaction currency, transaction time, address of the sender of the transaction, address of the payee of the transaction, power of attorney, data provided in the business registration certificate, data provided in the document of business address proof, requests for overpayments, Facebook ID information, Google ID information, other information provided by youContract (Art. 6 (1) (b) of GDPR)From yourselfIt is a contractual requirement. If you do not provide this information, we will not be able to provide our services10 years after termination of your account

    3.2 To provide you with virtual currency swap services

    When is this relevant for me?What information do you collect about me?What is your legal basis to collect my information?Where do you collect the information from?Am I obliged to provide this information? How long do you store information about me?
    When you use our virtual currency swap services without undergoing a verification (identification) processEmail address, country, IP address, types of swapped virtual currencies, cryptocurrency address, transaction amount, device fingerprint, telephone numberContract (Art. 6 (1) (b) of GDPR)From yourselfIt is a contractual requirement. If you do not provide this information, we will not be able to provide our services10 years after the use of our currency swap services

    3.3 To enable you to exchange your virtual currencies into various gift cards

    When is this relevant for me?What information do you collect about me?What is your legal basis to collect my information?Where do you collect the information from?Am I obliged to provide this information? How long do you store information about me?
    When you exchange your virtual currencies into gift cards of various vendors and platformsFirst name, last name, email address, country, IP address, cryptocurrency address, transaction amount, type and amount of gift card, email of the person to whom you send the gift cardContract (Art. 6 (1) (b) of GDPR)From yourselfIt is a contractual requirement. If you do not provide this information, we will not be able to provide our services10 years after the exchange of your virtual currency to a gift card

    3.4 To verify you when necessary

    When is this relevant for me?What information do you collect about me?What is your legal basis to collect my information?Where do you collect the information from?Am I obliged to provide this information? How long do you store information about me?
    When you use our virtual currency purchasing, payment processing collection services, or when you use our virtual currency swap services and make a transaction larger than 1 000 EUR or a transaction that raises suspicionCountry of residence, name and surname, gender, place of birth, date of birth, nationality, address, telephone number, ID number, personal code, ID expiry date, ID copy, photo of youContract (Art. 6 (1) (b) of GDPR)From yourselfIt is a contractual requirement. If you do not provide this information, we will not be able to provide our services10 years after termination of your account

    3.5 To implement measures of anti-money laundering (AML) and counter-terrorist financing (CTF)

    When is this relevant for me?What information do you collect about me?What is your legal basis to collect my information?Where do you collect the information from?Am I obliged to provide this information? How long do you store information about me?
    When establishing a business relationship with us (when you are a customer (natural person), company’s manager or a representative)Name and surname, ID information (such as number, date of issuance, period of validity), date of birth, sex, no personal number (true/false), personal number, personal number type, document number, date of expiry, document type, issuing country, citizenship or citizenships, nationalities, place of birth, address, city, postal code, country of residence, annual income, are transactions over 15 000 EUR expected? (yes/no). source of funds, source of wealth, expected yearly turnover using our services, used services, countries from which funds will be incoming, account opening purposes, geolocation data, information on the company’s director and representative (name, surname, ID, date of birth, sex, no personal number (true/false), personal number, personal number type, document number, date of expiry, document type, the country that has issued an identity document, citizenship, nationalities, place of birth, address, city, postal code, country of residence, sanctions, current position, email), information on the ultimate beneficial owner (name, surname, sex, personal number, date of birth, place of birth, address, citizenship, nationality, country, website (reputable third-party source), amount of shares, stake in the main company.Legal obligation (Art. 6 (1) (c) of GDPR)
    Art. 9, ,11, 12, 16 of the Law on AML
    From yourself, AML/CTF service providersIt is a statutory requirement. If you do not provide this information, we will not be able to provide our servicesFor the duration of and 8 years after the termination of the business relationship
    Information on participation in politics - whether you (trader) are a politically exposed person (PEP), whether the beneficial owner of the company, their immediate family member, or a close associate is a PEP, and information on the beneficial owner’s prominent public functionsReasons of substantial public interest
    (Art. 9 (2) (g) of GDPR) Art. 14 of the Law on AML

    3.6 To ensure security of and improve our website

    When is this relevant for me?What information do you collect about me?What is your legal basis to collect my information?Where do you collect the information from?Am I obliged to provide this information? How long do you store information about me?
    When you use our websiteInternet protocol address (IP), user agent, referrer url, date and time of website visitingLegitimate interest (security and improvement of our website) (Art. 6 (1) (f) of GDPR)From yourselfNo10 years after your last visit of our website

    3.7 To provide you with customer support

    When is this relevant for me?What information do you collect about me?What is your legal basis to collect my information?Where do you collect the information from?Am I obliged to provide this information? How long do you store information about me?
    When you submit an inquiry to our customer supportE-mail address, subject of your inquiry, date of your inquiry, content of your inquiry, attachments to your inquiry, your name and (or) surname provided in your inquiry, reply to your inquiry, information provided by youConsent (Art. 6 (1) (a) of GDPR)From yourselfNo10 years after the receipt of the last inquiry

    3.8 To inform you about our services that may be relevant to you

    When is this relevant for me?What information do you collect about me?What is your legal basis to collect my information?Where do you collect the information from?Am I obliged to provide this information? How long do you store information about me?
    When we want to inform you or ask your opinion about our servicesName and surname, e-mailConsent (Art. 6 (1) (a) of GDPR)
    (Art. 69 (1) of Lithuanian Law on Electronic Communications)
    Customer relationship (Art. 69 (2) of Lithuanian Law on Electronic Communications)
    Legitimate interest (to send direct marketing communications) (Art. 6 (1) (f) of GDPR)
    From yourself
    Social media service providers
    Marketing service providers
    No10 years after the last use of our services or after you give your consent unless you withdraw your consent earlier

    3.9 To manage our social media profiles

    When is this relevant for me?What information do you collect about me?What is your legal basis to collect my data?Where do you collect the information from?Am I obliged to provide this information? How long do you store information about me?
    If you interact with our social media profiles (e.g., send a message, follow our profiles, share a post, react to a post)Name and surname indicated in your profile, e-mail address, gender, country, picture, message, time, and date the message was received, content of the message, message attachments, response to the message, time of response to the message, information about our rating, comments on a post, post shares, information about post reactionsConsent (Art. 6 (1) (a) of GDPR)From yourself and social media platformsYou are not statutorily or contractually obliged to provide this personal data, but we will collect this data if you interact with our social media profiles10 years from the moment you interact with our social media profiles

    3.10 To carry out the selection of potential employees

    When is this relevant for me?What information do you collect about me?What is your legal basis to collect my information?Where do you collect the information from?Am I obliged to provide this information? How long do you store information about me?
    When we receive your application for a job position, when you give us your consent for storing your CV, or we contact you based on the information you publicly disclose on professional social media platformsFull name, e-mail, phone number, CV, work experience, other information you provide us withConsent (Art. 6 (1) (f) of GDPR)
    Contract (Art. 6 (1) (b) of GFPR)
    Legitimate interest (to contact you when you publicly disclose your information on professional social media platforms) (Art. 6 (1) (f) of GDPR)
    From yourself
    Professional social media service providers
    HR agencies
    It is a requirement necessary to enter into a contract only where we intend to enter into an employment contract with you. If you do not provide this information, we will not be able to enter into an employment contract with you.3 years after the end of the relevant recruitment process
    5 years after you give us your consent or publicly disclose your information on professional social media platforms

    3.11 To fulfill statutory accounting requirements

    When is this relevant for me?What information do you collect about me?What is your legal basis to collect my information?Where do you collect the information from?Am I obliged to provide this information? How long do you store information about me?
    When you use our servicesFull name, e-mail address, telephone number, bank account number, address, signature, invoices, reports, accounting documents, payments, paid amounts, other information we are statutorily required to collectLegal obligation (Art. 6 (1) (c) of GDPR) aw on Accounting of the Republic of LithuaniaFrom yourselfIt is a statutory requirement. If you do not provide this information, you will not be able to buy goods or services from us10 years following a transaction

    3.12 To defend our rights and interests

    When is this relevant for me?What information do you collect about me?What is your legal basis to collect my information?Where do you collect the information from?Am I obliged to provide this information? How long do you store information about me?
    In case we become a party to legal process which you are subject to or we are statutorily required to collect information about youAll of the afore-mentioned information, accounting and legal case files, legal documents, other information you provide us with, other information that we are statutorily required to collect and/or provideLegal obligation (Art. 6 (1) (c) of GDPR)
    Legitimate interest (to protect our rights and interests) (Art. 6 (1) (f) of GDPR).
    From afore-mentioned sources, law enforcement authorities, parties that are subject to legal process, courtsYes, where we are statutorily obliged to collect personal information10 years following the end of the contractual relationship with us or, whichever is longer, for the duration of the legal process and 3 years after a final authority decision came into full force
    If the case arises - information about criminal offenses and convictionsEstablishment, exercise, or defense of legal claims (Art. 9 (2) (f) of GDPR)
  4. Who do you share my data with?

    We share your data with data recipients, both within and outside the European Economic Area (EEA), in cases where necessary for the above-described purposes and allowed in accordance with applicable laws.

    NoCategory of information recipientInformation recipientCountry of the recipientWhat is the legal basis to transfer my data outside the EEA?
    4.1.AML and identification service providersOnfido Ltd.UKDecision on the adequate protection of personal data by the United Kingdom (link)
    Elliptic Enterprises Ltd.UK
    Other service providersWorldwideEU Standard Contractual Clauses for the transfer of data as approved by the European Commission (link) (further - EU Standard Contractual Clauses)
    4.2.Banking, payment processing, crypto exchange and other financial service providersUAB “IBS Lithuania”Lithuania (EU)N/A
    UAB "Nexpay"Lithuania (EU)N/A
    UAB "Binance"Lithuania (EU)N/A
    Bitstamp Ltd.UKDecision on the adequate protection of personal data by the United Kingdom (link)
    Other service providersWorldwideEU Standard Contractual Clauses (link)
    4.3.Software service providersMicrosoft CorporationUSMicrosoft Standard Contractual Clauses (link)
    Other software service providersWorldwideEU Standard Contractual Clauses (link)
    4.4.Communication tools service providersSkype Communications S.a r.l.Luxembourg (EU)N/A
    Slack Technologies, LLCUSSlack Technologies Standard Contractual Clauses (link)
    Other service providersWorldwideEU Standard Contractual Clauses (link)
    4.5.Social media service providersFacebook Ireland Ltd.Ireland (EU)N/A
    Reddit Ireland Ltd.Ireland (EU)N/A
    Twitter Inc.USEU Standard Contractual Clauses (link)
    Other service providersWorldwideEU Standard Contractual Clauses (link)
    4.6.Customer support service providersZendesk, Inc.USZendesk Standard Contractual Clauses (link)
    4.7.Cloud hosting service providersAmazon Web Services, Inc.USAmazon Standard Contractual Clauses (link)
    Google LLC.USGoogle Standard Contractual Clauses (link)
    Other service providersWorldwideEU Standard Contractual Clauses (link)
    4.8.Marketing service providersCalendly LLCUSEU Standard Contractual Clauses which are incorporated by reference to the Calendly Data Processing Addendum (link)
    Other service providersWorldwideEU Standard Contractual Clauses (link)
    4.9.Compliance and legal service providersOther service providersEU countries and UKDecision on the adequate protection of personal data by the United Kingdom (link)
    4.10.State institutions and regulatory authoritiesBank of Lithuania, State Tax Inspectorate, Financial Crime Investigation Service, Center of Registers, State Security Department of Lithuania, law enforcement authorities and courts, other state authoritiesWorldwideThe necessity to establish, exercise or defend legal claims (Art. 49(1)(e) of the GDPR)
  5. What statutory rights do I have regarding my data?

    Subject to conditions, limitations, and exceptions established by statutory data protection provisions, you have the rights listed below:

    My rightWhen is this right applicable to me?
    Right of accessWhen you seek to obtain confirmation as to whether we collect or otherwise process personal data concerning you, and, where that is the case, access to the personal data and the information about the data processing.
    Right to rectificationWhen you seek to obtain from us the rectification of inaccurate personal data concerning you.
    Right to erasure (‘right to be forgotten”)
    • When personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
    • When you withdraw consent on which the processing is based and there is no other legal ground for the processing;
    • When you object to the processing and there are no overriding legitimate grounds for the processing, or you object to the processing for direct marketing purposes;
    • Where the personal data have been unlawfully processed;
    • Where the personal data have to be erased for compliance with a legal obligation;
    • Where the personal data have been collected in relation to the offer of information society services directly to a child and subject to a consent.
    Right to restriction of processing
    • Where the accuracy of the personal data is contested by you;
    • Where the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
    • Where we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims;
    • Where you have objected to processing.
    Right to data portabilityWhere you seek to receive the data you have provided in a structured, commonly used and machine-readable form or to transmit those data to another controller, the processing is based on consent or on a contract and is carried out by automated means.
    Right to objectWhere the collection and use is based on a task carried out in the public interest or in the exercise of official authority vested or legitimate interest, including profiling, as explained in Section 3 of this Privacy Policy, or where you object to the collection of your personal data for direct marketing purposes.
    Right to withdraw consentWhere the processing is based on consent, as explained in Section 3 of this Privacy Policy, and you seek to withdraw it at any time.
    Right to lodge a complaintWhere you want to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or of an alleged infringement of the GDPR.
  6. Do you engage in automated individual decision-making, including profiling?

    We perform profiling only for AML regulations’ compliance purposes and to protect our platform from money laundering and terrorist financing. Without AML profiling we will not be able to provide you with our services. We create an AML risk profile after you fill in the “Know Your Customer” (KYC) questionnaire and then we continue to monitor the unexpected changes in your transactional behavior within our platform. AML profiling does not affect your use of our platform if there is no suspicious activity in your account.

  7. Does your website place cookies on my device?

    Yes, our website places the following cookies on your device:

    Cookie categoryCookie nameCookie expiry
    Necessary_GRECAPTCHA179 days
    rc::aPersistent
    rc::bDuring the browsing session
    rc::cDuring the browsing session
    test_cookie1 day
    _zlcmid365 days
    PreferencesLangDuring the browsing session
    trade_options365 days
    trade_values1 hour
    gc_user_s1 year
    last_item1 year
    Statistics_ga2 years
    _hjAbsoluteSessionInProgress1 day
    _gat1 day
    _gid1 day
    _hjFirstSeen1 day
    _hjIncludedInSessionSample1 day
    AnalyticsSyncHistory29 days
    collectSession
    personalization_id2 years
    px.gifSession
    _fbp3 months
    sc365 days
    sentryid365 days
    TSNGUID365 days
    _hjSession1 day
    device_id_365 days
    _hjSessionUser_1 year
    first_acquisition1 year
    Marketing/ad/#/pixelSession
    _gcl_au3 months
    ads/ga-audiencesSession
    bcookie2 years
    bscookie2 years
    IDE1 year
    langSession
    lidc1 day
    pagead/1p-user-list/#During the browsing session
    pagead/landingSession
    TrSession
    uaid30 years
    UserMatchHistory29 days
    nQ_cookieId1 year
    nQ_userVisitId1 day
    Unclassifiedsimplex-logo.pngSession
  8. How can I manage cookies?

    You can configure your browser to decline some or all cookies or to ask for your permission before accepting them. Please note that by deleting cookies or disabling future cookies you may be unable to access certain areas or features of our website. You can control the use of functionality cookies, targeting cookies or advertising cookies by adjusting your browser settings. To find out how to manage cookies in your browser, please visit one of the links below:

  9. How can I contact your data protection officers?

    If you have any questions, comments, or complaints regarding how we collect, use, and store your personal information, our data protection officers are ready to help you. If you need their help, you may contact them at any time via dpo@coingate.com.